Online data security and hacking are very hot topics.
Just look at the recent confluence of Sony’s PlayStation Network data loss, LulzSec’s creation and rapid disbandment, Ryan Cleary’s arrest and the ever-present fear that the NHS’s online data repository is as holey as Swiss cheese.
Initial reports indicate that the value of data purloined from Sony is worth at least £100 million to criminals.
With these stolen identities, they can run amok.
Millions of people who just wanted to play games with their online buddies now possibly face anything from hijacked email or Facebook accounts, with all their knock-on effects, to theft and financial distress.
But while this type of data is a treasure trove for criminals, it’s a similarly rich and necessary source of information to marketers, who solicit and use it for legitimate business purposes.
Brands use demographic information to better target products and services - after all, there’s no point serving up family car ads online to a 14-year-old.
Marketers’ use of this type of information actually serves the convenience of marketer and consumer alike.
Consumers get to see adverts targeted to their interests and specific demographics, while marketers don’t waste precious spend barking up the wrong tree.
But beyond the utility of gathering and using this type of data is the mere reality that it exists.
For many websites it’s mandatory to input at least some personally identifying information, eg, credit card details on an e-commerce site.
So if a consumer’s inclination is to avoid vulnerability by not providing that type of information, his or her online experience will be sharply curtailed.
Thus, most consumers blithely provide the data and go on their way without a second thought about security.
Brands, however, think a lot about data security. Even prior to the Sony debacle, many have sat up and taken notice of the pressing nature of online privacy.
Boards talk about it. Lawyers draft online privacy policies that no one reads. Consumers, and even many of the boilerplate online privacy policies that companies use, assume that data encryption is the norm.
Everyone knows data privacy is an issue; everyone participates in the exchange of private information. But not everyone is approaching data security correctly - either on the consumer or on the brand side.
Brands can take several steps to improve how they handle private information and to prevent another data theft debacle on the scale of Sony PSN.
Firstly, they must balance their need for data with consumers’ reasonable expectation of privacy. collect only what you must.
Secondly, protect what you collect by using state of the art encryption technology consistently.
And what’s more, make it easy to find. The rigour of a brand’s data protection might one day actually become a differentiator to consumers.
However, just because brands have a lot of work to do to further the cause of data security, it doesn’t mean that consumers are off the hook.
If you’re going to play or buy online, you need to protect yourself.
More consumers should educate themselves about the pitfalls of granting access to personally identifying information and take steps to protect it.
For instance, they should shake it up a bit when it comes to username/password combinations and not take the easy way out by recycling the same combination wherever they visit.
Consumers can also favour websites that participate in programmes like VeriSign when it comes to inputting their credit card information.
Exerting that type of pressure will help light a fire under the laggards’ feet.
While this mutual balancing act between brand and consumer won’t guarantee that a data breach never happens again - especially since walling off data just waves a red flag in front of dedicated hackers - what it will do is bring more transparency to the data transaction.
More transparency and more responsibility taken on both sides of the equation can only lead to improved data security practices and a better, safer internet.
Samantha Horwitz, product development and projects director at digital consultancy Reform
This article was first published on brandrepublic.com